WordPress WP REST API limiting requests by domain

2019-07-14 18:38发布

This seems like it would be more obvious. I use WordPress to manage content for an external site. The WordPress content is displayed via the WP REST API and I display content with ajax and JS to this remote site. (e.g. https://example.com//wp-json/wp/v2/pages/23). Everything is on SSL and it all works great. How can I simply make it so this ajax GET request is only allowed from a certain domain - the remote site? The WP API is only used to display data.

标签： php ajax wordpress rest wp-api

1条回答

我欲成王，谁敢阻挡

2楼-- · 2019-07-14 19:01

I just had look at the php server variables and figure this out. $_SERVER['HTTP_ORIGIN']; was the one that I grab. Works like a charm!

add_filter( 'rest_authentication_errors', 'gc_filter_incoming_connections' );

function gc_filter_incoming_connections( $errors ){

    $allowed_origins = array('https://www.example.com'); // url that you want to access your WP REST API
    $request_origin = $_SERVER['HTTP_ORIGIN'];

    if( ! in_array( $request_origin, $allowed_origins ) )
        return new WP_Error( 'forbidden_access', 'Access denied', array( 'status' => 403 ) );

    return $errors;

}

0人赞添加讨论(0) 举报

WordPress WP REST API limiting requests by domain

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间